- Jamf Nation Community
- Products
- Jamf Pro
- Re: Changing preferred Wifi networks without admin...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2018 02:53 AM
We’ve recently removed admin rights on Macs for all of our users. Does anyone know of a way to enable users to always be able to administer preferred/saved Wifi networks which are saved on their machines without having to grant them temporary admin rights?
Solved! Go to Solution.
Labels:
- Labels:
-
Jamf Pro
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2018 03:41 AM
Maybe try:
#!/bin/bash
# Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges
# Allows non-admin users to add printers and manage their WiFi configuration.
#For WiFi
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
#For printing
/usr/bin/security authorizationdb write system.preferences.printing allow
/usr/bin/security authorizationdb write system.print.operator allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
exit 0;
Reply
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2018 03:35 AM
We use a script mentioned in this thread to allow users to set preferred networks in Self Service.
Does that help at all?
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2018 03:41 AM
Maybe try:
#!/bin/bash
# Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges
# Allows non-admin users to add printers and manage their WiFi configuration.
#For WiFi
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
#For printing
/usr/bin/security authorizationdb write system.preferences.printing allow
/usr/bin/security authorizationdb write system.print.operator allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
exit 0;
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 06:39 PM
Is this still valid for macOS 12.3.1? I just tried it and while networking is now indeed unlocked it will ask me for admin logon when I hit OK. The changes wont stick without it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2022 10:14 AM - edited 09-13-2022 10:28 AM
I'm seeing the same issue; the networking pane is unlocked, but when I choose a Wi-Fi networks and hit the minus "-", it asks me for admin login.
It does work, it just needs the
/usr/bin/security authorizationdb write com.apple.wifi allowline in it too.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-04-2022 05:14 PM
Did that, policy ran ok with below results but making changes to WiFi STILL asks me for admin credentials.
| [STEP 1 of 4] |
| Executing Policy System Preferences - Print and WiFi without admin |
| [STEP 2 of 4] |
| Running script System Preferences - Print and WiFi without admin... |
| Script exit code: 0 |
| Script result: YES (0) YES (0) YES (0) YES (0) YES (0) |
| [STEP 3 of 4] |
| [STEP 4 of 4] |
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2022 06:09 AM
Well, well, the test machine I have is Ventura 13.01, and indeed, it is now asking for admin credentials. Looks like we'll need another solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-06-2022 02:36 AM
This is how Apple keeps us entertained.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-14-2022 03:21 PM
Not sure if this is relevant but I added /usr/libexec/airportd prefs RequireAdminNetworkChange=NO RequireAdminIBSS=NO before testing
While testing on Ventura, I found that I'm prompted for the admin password, but I click Cancel and the removal still works. Curious if you get the same result.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-14-2018 01:32 AM
@dsavageED - That worked perfectly, thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-01-2022 07:41 AM
May be a dumb question, but I assume this is just a "run once per machine" deployment, or do we need to stick it in self service to be run on demand
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-02-2022 09:24 AM
I run it "once per machine".
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-08-2023 02:29 PM
does anyone know how to reverse the script so it's back to being admin locked?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-25-2023 09:31 AM
I believe you will have to delete the preferences you made changes to in order to get it back the way it was.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-25-2023 09:33 AM
Anyone has found or written a script to allow user changes for WiFi settings for Ventura?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-02-2023 01:30 AM
I'm struggling to allow this on MacOS Ventura as well.
Anyone found a solution?
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-11-2023 06:24 AM
i have rearranged the code to only allow the 'Activation W-Lan Management Settings'
Maybe try this:
#!/bin/bash
# Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges
# Allows non-admin users to manage their WiFi configuration.
#For WiFi
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
exit 0;
